[Mimedefang] New .zip virus?
David F. Skoll
dfs at roaringpenguin.com
Tue Jan 27 13:01:49 EST 2004
On Tue, 27 Jan 2004, Brent J. Nordquist wrote:
> The only thing that's been holding me back from doing that here, or
> implementing similar measures (e.g. unzip and see if there's only a .scr
> or .pif inside), is the fear of a "10 gigabytes of 0's" DoS ZIP file.
If you have GNU cut, this should be safe:
    unzip -p $part | cut -b -100000 | wc
That should kill the unzip once it goes past 100K.
Better yet, why not do the equivalent of:
    unzip -l $part | grep -i $bad_exts
Just check if the unzipped file has any .exe, .pif, etc. in it. This
is more reliable and future-proof than testing for a specific size.
--
David.
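
The listing-based check suggested above, as an added example that is not part of the original post or of MIMEDefang: it reads only the ZIP central directory (what `unzip -l` prints), so nothing is decompressed. The extension list, the size cap and the function names are assumptions made for illustration.

```python
import io
import zipfile

# Assumed blocklist and size cap for illustration; neither value comes from the post.
BAD_EXTS = (".exe", ".pif", ".scr", ".com", ".bat")
MAX_DECLARED_BYTES = 100_000  # mirrors the 100K cut-off mentioned in the thread


def scan_zip_listing(data: bytes):
    """Inspect a ZIP attachment using only its central directory.

    Returns (bad_names, oversized_names), or None if the archive cannot be
    parsed. No member is decompressed, so a member that would expand to
    gigabytes costs nothing to inspect.
    """
    bad, oversized = [], []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.lower().endswith(BAD_EXTS):
                    bad.append(info.filename)
                # file_size is the size the archive declares; it is metadata only.
                if info.file_size > MAX_DECLARED_BYTES:
                    oversized.append(info.filename)
    except zipfile.BadZipFile:
        # Unparseable archive: the caller should not treat this as clean.
        return None
    return bad, oversized


def _make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: harmless, one with a .pif, one highly compressible.
    clean = _make_zip({"notes.txt": b"hello"})
    worm = _make_zip({"Document.TXT.pif": b"MZ-not-a-real-binary"})
    zeros = _make_zip({"zeros.bin": b"\0" * 5_000_000})
    for label, blob in (("clean", clean), ("worm", worm), ("zeros", zeros)):
        print(label, len(blob), scan_zip_listing(blob))
```

The declared size comes from the archive itself, so it is useful as a cheap pre-filter but does not replace a hard output limit if members are later extracted.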